The Challenges of Hybridization in the Modern Workplace: Perspectives and Strategies
Microsoft Intune is widely regarded as the leading device management (MDM) solution whenever modern management comes up. This article sets out the reasons behind that observation.
Intune is a Mobile Device Management (MDM) tool. It also supports Mobile Application Management (MAM), which protects corporate data by managing the applications that hold it, independently of who owns the device.
Intune relies on Azure Active Directory (AAD), which is more than a cloud directory: Azure AD centrally manages identities, SaaS applications and access to internal and external resources, and that access can be secured with conditional access policies.
The device is first joined to AAD through Azure AD Join or Hybrid Azure AD Join. The "automatic enrollment" feature then enrolls the device into Intune, provided the MDM user scope in Azure AD covers the user performing the join.
Not every device present in AAD is necessarily managed by Intune. A device must meet the criteria defined by the customer (group membership, licensing, OS version, etc.), or it may have been pre-registered by a partner or OEM through Windows Autopilot.
Figure: Windows Autopilot principle
The close relationship between Intune and Azure AD offers numerous possibilities.
In an increasingly remote-work-oriented world, being able to administer devices from a web platform is a major asset. MPLS and VPN will become less necessary in the long term #finallyfree. A robust internet connection will be enough for devices to be managed and used effectively, since the management channel is tied to the device's Azure AD identity rather than to the corporate network.
It is worth noting that workgroup devices (still very common) will benefit the most from this link between Intune and AAD. Mostly managed on site by local IT using USB drives or provisioning packages (PPKG), their users are often local administrators. These devices can now be inventoried and managed like any other workstation, countering shadow IT, a battle close to the hearts and wallets of many clients.
Additionally, those who wish to can protect data through Mobile Application Management (MAM). Particularly relevant for mobile BYOD, "App protection policies" let IT manage the company's data and the applications it deploys.
This can be done without managing the device itself, which is only "registered" in Azure AD (AAD Registered, as opposed to AAD Joined). This is a topic to be addressed hand in hand by legal and technical teams.
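The join states discussed above (AAD Join, Hybrid AAD Join and AAD Registered) and the automatic enrollment that follows can be verified on the device itself. The following PowerShell script is an added example, not code from the original article or from Microsoft: it parses the output of dsregcmd /status (whose field names AzureAdJoined, DomainJoined, WorkplaceJoined, TenantName and MdmUrl are those the tool prints), classifies the device, and then checks the registry location where Windows records MDM enrollments for an Intune enrollment (provider ID "MS DM Server").

```powershell
# Added example, not from the original article: classify a Windows device's
# identity state (Azure AD joined, Hybrid Azure AD joined, Azure AD registered,
# on-premises only, workgroup) from "dsregcmd /status", then check whether an
# Intune MDM enrollment actually exists on the device.

function Get-DeviceJoinState {
    param(
        # dsregcmd output as lines; a parameter so captured output can be parsed offline.
        [string[]]$StatusLines = (& dsregcmd.exe /status)
    )

    # Every informational line is "Key : Value"; collect them into a hashtable.
    # Section banners ("+----+", "| Device State |") do not match and are skipped.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([A-Za-z0-9 ]+?)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1].Trim()] = $Matches[2]
        }
    }

    $aadJoined    = $fields['AzureAdJoined']   -eq 'YES'
    $domainJoined = $fields['DomainJoined']    -eq 'YES'
    # "WorkplaceJoined" is the Azure AD *registered* state (BYOD / MAM scenario);
    # it is only printed in the User State section, so run dsregcmd as the user.
    $registered   = $fields['WorkplaceJoined'] -eq 'YES'

    $state = if ($aadJoined -and $domainJoined) { 'Hybrid Azure AD joined' }
             elseif ($aadJoined)                 { 'Azure AD joined' }
             elseif ($registered)                { 'Azure AD registered' }
             elseif ($domainJoined)              { 'On-premises AD only' }
             else                                { 'Workgroup' }

    [pscustomobject]@{
        JoinState  = $state
        TenantName = $fields['TenantName']
        # MdmUrl is the tenant's auto-enrollment endpoint: it shows that the
        # tenant offers MDM to this device, not that enrollment succeeded.
        MdmUrl     = $fields['MdmUrl']
    }
}

function Get-IntuneEnrollment {
    # Windows records each MDM enrollment under this key; Intune's provider ID
    # is "MS DM Server". Returns nothing if the device is not enrolled.
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty $_.PSPath } |
        Where-Object { $_.ProviderID -eq 'MS DM Server' } |
        Select-Object @{ n = 'EnrollmentId'; e = { Split-Path $_.PSPath -Leaf } },
                      UPN, EnrollmentType, DiscoveryServiceFullURL
}

$join = Get-DeviceJoinState
$join | Format-List

$enrollment = Get-IntuneEnrollment
if ($enrollment) {
    Write-Output "Intune-enrolled as: $($enrollment.UPN)"
} else {
    Write-Output "Not enrolled in Intune (join state: $($join.JoinState))"
}
```

A device can report "Azure AD joined" or "Hybrid Azure AD joined" and still have no Intune enrollment: the join only creates the identity, and automatic enrollment is a separate step that depends on the MDM user scope and licensing. Checking the two separately is what makes the difference visible.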
While Intune ensures device management, there are also other MDM solutions on the market.
While these solutions generally share the same primary objectives, Intune has the advantage of consistency with the Microsoft client ecosystem.
Workstations, the focal point of the debate, are predominantly running Windows 10. Managing them through Intune means onboarding devices without deploying a dedicated agent, since the MDM client (the OMA-DM client) is built into Windows 10.
Figure: Exchange between Intune and the device
Note also the possibility of setting up co-management between SCCM and Intune, a compelling strategy on paper given how important SCCM is for many clients.
It also offers the certainty of fully benefiting from modern management, not only for the device but also for the context of its end users.
Take the example of shared workstations, a prevalent use case for certain clients. This scenario is currently impossible with some MDM solutions. Even though Windows 10 is moving towards universal management through OMA-URI settings, the path is still long. Intune, on the other hand, fully leverages the possibilities and use cases, whether shared PCs, BYOD, corporate PCs or even kiosks (e.g., terminals, points of sale).
Another point to consider is existing infrastructure, starting with Active Directory, where computer and user objects reside. Thanks to Azure AD Connect, objects can be synchronized from AD to AAD, providing a progressive path to the cloud while the devices remain joined to the ADDS domain.
Figure: Azure AD Connect
The "Hybrid Azure AD join" status raises questions. Where is identity managed? What about delegation in this flat AAD organization with no hierarchy or OUs?
How do you translate GPOs when devices exist only in AAD? What about the reverse direction, from AAD to AD? And where does MFA fit into all of this?
These questions are not so much technical as they are strategic, and each client will answer them based on their context and ambitions.
Licensing can be likened to a real maze.
On closer inspection, it becomes apparent that by having already adopted Microsoft solutions such as O365 or Windows 10 E3, you may already hold, perhaps unknowingly, all or part of what is needed to fully transition to Intune.
Yes, licenses come with a cost.
However, this cost should be weighed against the costs and drawbacks of more legacy solutions: infrastructure maintenance, MPLS, Software Assurance, shadow IT, VPN, deployment and upgrade delays, the Office suite, etc.
End users are accustomed to devices. Whether at home or at work, we use these devices constantly.
Users evolve, and their needs evolve with them.
It is logical that the solution meeting their demands evolves as well. With considerable development capacity, Microsoft follows this logic with Intune, which sits at the heart of the modern challenges behind these expectations.
Several upcoming articles will delve more deeply into the technical aspects of managing workstations through Intune in various ways.
“A tradition is never anything but progress that has succeeded.” – Druon